What I'd like to do is embed a detached gpg signature in the binary package metadata, and the signatures also show up in /var/db/pkg/*/*/GPG_SIGNATURE as a record, and it would be nice to have a signed digest of all the installed files. The installed files signature has to be separate from the binary package signature, since /var/db/pkg/*/*/environment.bz2 is mutable. They could share a signature I suppose, but it's two distinct things to sign. My idea for embedding the detached binary package signature is to reserve a space in the metadata for the signature, and during generation and verification of the signature the reserved space will be treated as all zeros.
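The reserved-slot scheme from the comment above, as an added example that is not part of the original thread or of Portage. The container layout (`MAGIC`, `HEADER`, `SLOT_SIZE`) is hypothetical, and HMAC-SHA256 stands in for the detached gpg signature so the example runs offline. Because the slot itself is never covered by the signature, the verifier also rejects non-zero padding and trailing bytes.

```python
import hashlib
import hmac
import struct

MAGIC = b"BPK0"                    # hypothetical container magic
HEADER = struct.Struct(">4sI")     # magic, payload length
SLOT_SIZE = 64                     # reserved signature slot (assumed size)
SLOT = slice(HEADER.size, HEADER.size + SLOT_SIZE)


def _sign(key: bytes, data: bytes) -> bytes:
    """Stand-in for a detached gpg signature (HMAC-SHA256, offline)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def signed_view(blob: bytes) -> bytes:
    """Bytes that are signed: the whole package with the slot zeroed."""
    return blob[:SLOT.start] + bytes(SLOT_SIZE) + blob[SLOT.stop:]


def build(payload: bytes, key: bytes) -> bytes:
    """Lay out header | zeroed slot | payload, then fill the slot."""
    blob = bytearray(HEADER.pack(MAGIC, len(payload)) + bytes(SLOT_SIZE) + payload)
    sig = _sign(key, bytes(blob))  # slot is still all zeros here
    record = struct.pack(">H", len(sig)) + sig
    if len(record) > SLOT_SIZE:
        raise ValueError("signature does not fit the reserved slot")
    blob[SLOT.start:SLOT.start + len(record)] = record
    return bytes(blob)


def verify(blob: bytes, key: bytes) -> bool:
    if len(blob) < SLOT.stop:
        return False
    magic, plen = HEADER.unpack_from(blob)
    if magic != MAGIC or len(blob) != SLOT.stop + plen:
        return False               # truncated or trailing data
    slot = blob[SLOT]
    (siglen,) = struct.unpack_from(">H", slot)
    if siglen == 0 or 2 + siglen > SLOT_SIZE:
        return False
    sig, pad = slot[2:2 + siglen], slot[2 + siglen:]
    if any(pad):
        return False               # slot is unsigned: nothing may hide in padding
    return hmac.compare_digest(sig, _sign(key, signed_view(blob)))
```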
Or we could finally abandon this format and use something inspired by Exherbo. Instead of making the horrible binary format even worse, we could start creating regular .tar.* with package contents and generating .ebuilds with metadata that install them. Then the regular Manifests will work just fine without inventing yet another standard.
(In reply to Michał Górny from comment #1)
> Or we could finally abandon this format and use something inspired by
> Exherbo. Instead of making the horrible binary format even worse, we could
> start creating regular .tar.* with package contents and generating .ebuilds
> with metadata that install them. Then the regular Manifests will work just
> fine without inventing yet another standard.

I wouldn't be opposed to supporting something like that. Do Exherbo pbins have some way to verify the signature of an installed package, and the files it has installed?
No clue, sorry. To clarify, I was thinking of using a fresh format off ebuilds, not copying pbins.
The advantage to a single-file package format is that it greatly simplifies moving packages between systems, especially manually. But changing the obscure appended-metadata format currently in use to a standard archive format with the metadata in it might be easier to work with. Squashfs comes to mind as a potential candidate. Random access, easily appendable, and could just be mounted and worked from directly without having to be extracted, thus achieving IO savings on large packages.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/portage.git/commit/?id=b094ba47368bb9b16fb17ee47a54644a09860823

commit b094ba47368bb9b16fb17ee47a54644a09860823
Author:     Rin Cat (鈴猫) <dev@rincat.ch>
AuthorDate: 2022-01-23 23:23:14 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-24 01:17:10 +0000

    */*: GPKG (new binpkg format) Support (GLEP 78, provisionally)

    Bug: https://bugs.gentoo.org/500630
    Bug: https://bugs.gentoo.org/659864
    Bug: https://bugs.gentoo.org/672672
    Bug: https://bugs.gentoo.org/773259
    Bug: https://bugs.gentoo.org/820578
    Signed-off-by: Rin Cat (鈴猫) <dev@rincat.ch>
    Closes: https://github.com/gentoo/portage/pull/562
    Signed-off-by: Sam James <sam@gentoo.org>

 MANIFEST.in | 3 +
 bin/gpkg-helper.py | 71 +
 bin/misc-functions.sh | 67 +-
 bin/quickpkg | 108 +-
 cnf/make.conf.example | 36 +
 cnf/make.globals | 21 +
 lib/_emerge/Binpkg.py | 13 +-
 lib/_emerge/BinpkgExtractorAsync.py | 9 +
 lib/_emerge/BinpkgFetcher.py | 31 +-
 lib/_emerge/EbuildBinpkg.py | 16 +-
 lib/_emerge/EbuildPhase.py | 33 +-
 lib/_emerge/Package.py | 1 +
 lib/_emerge/actions.py | 44 +-
 lib/_emerge/depgraph.py | 30 +-
 lib/portage/__init__.py | 1 +
 lib/portage/binpkg.py | 56 +
 lib/portage/const.py | 12 +
 lib/portage/dbapi/bintree.py | 445 ++++-
 lib/portage/dbapi/vartree.py | 77 +-
 lib/portage/exception.py | 20 +
 lib/portage/gpg.py | 106 +
 lib/portage/gpkg.py | 2015 ++++++++++++++++++++
 .../package/ebuild/_config/special_env_vars.py | 1 +
 lib/portage/package/ebuild/config.py | 10 +
 lib/portage/package/ebuild/doebuild.py | 13 +
 .../06B3A311BD775C280D22A9305D90EA06352177F6.rev | 37 +
 .../8DEDA2CDED49C8809287B89D8812797DDF1DD192.rev | 37 +
 .../273B030399E7BEA66A9AD42216DE7CA17BA5D42E.key | Bin 0 -> 2055 bytes
 .../C99796FB85B0C3DF03314A11B5850C51167D6282.key | Bin 0 -> 2055 bytes
 lib/portage/tests/.gnupg/pubring.kbx | Bin 0 -> 2774 bytes
 lib/portage/tests/.gnupg/trustdb.gpg | Bin 0 -> 1360 bytes
 lib/portage/tests/__init__.py | 37 +-
 lib/portage/tests/emerge/test_simple.py | 47 +-
 lib/portage/tests/gpkg/__init__.py | 2 +
 lib/portage/tests/gpkg/__test__.py | 0
 lib/portage/tests/gpkg/test_gpkg_checksum.py | 396 ++++
 lib/portage/tests/gpkg/test_gpkg_gpg.py | 398 ++++
 .../tests/gpkg/test_gpkg_metadata_update.py | 59 +
 lib/portage/tests/gpkg/test_gpkg_metadata_url.py | 173 ++
 lib/portage/tests/gpkg/test_gpkg_path.py | 390 ++++
 lib/portage/tests/gpkg/test_gpkg_size.py | 58 +
 lib/portage/tests/gpkg/test_gpkg_stream.py | 112 ++
 lib/portage/tests/resolver/ResolverPlayground.py | 55 +-
 .../test_build_id_profile_format.py | 50 +-
 .../binpkg_multi_instance/test_rebuilt_binaries.py | 44 +-
 .../tests/resolver/soname/test_autounmask.py | 38 +-
 .../tests/resolver/soname/test_downgrade.py | 84 +-
 .../tests/resolver/soname/test_or_choices.py | 39 +-
 .../tests/resolver/soname/test_reinstall.py | 40 +-
 .../tests/resolver/soname/test_skip_update.py | 39 +-
 .../soname/test_slot_conflict_reinstall.py | 135 +-
 .../resolver/soname/test_slot_conflict_update.py | 38 +-
 .../tests/resolver/soname/test_soname_provided.py | 45 +-
 .../tests/resolver/soname/test_unsatisfiable.py | 40 +-
 .../tests/resolver/soname/test_unsatisfied.py | 40 +-
 .../tests/resolver/test_autounmask_binpkg_use.py | 38 +-
 lib/portage/tests/resolver/test_bdeps.py | 44 +-
 .../resolver/test_binary_pkg_ebuild_visibility.py | 35 +-
 lib/portage/tests/resolver/test_changed_deps.py | 41 +-
 ...test_complete_if_new_subslot_without_revbump.py | 40 +-
 .../resolver/test_disjunctive_depend_order.py | 34 +-
 lib/portage/tests/resolver/test_multirepo.py | 62 +-
 .../test_regular_slot_change_without_revbump.py | 41 +-
 lib/portage/tests/resolver/test_simple.py | 34 +-
 lib/portage/tests/resolver/test_slot_abi.py | 113 +-
 .../tests/resolver/test_slot_abi_downgrade.py | 77 +-
 .../resolver/test_slot_change_without_revbump.py | 40 +-
 .../resolver/test_slot_operator_autounmask.py | 40 +-
 .../tests/resolver/test_slot_operator_bdeps.py | 74 +-
 .../tests/resolver/test_slot_operator_rebuild.py | 40 +-
 .../tests/resolver/test_slot_operator_unsolved.py | 41 +-
 lib/portage/tests/resolver/test_useflags.py | 37 +-
 lib/portage/tests/runTests.py | 12 +
 lib/portage/tests/update/test_move_ent.py | 129 +-
 lib/portage/tests/update/test_move_slot_ent.py | 139 +-
 lib/portage/tests/update/test_update_dbentry.py | 182 +-
 lib/portage/util/_urlopen.py | 4 +-
 lib/portage/versions.py | 16 +
 man/make.conf.5 | 80 +
 .../06B3A311BD775C280D22A9305D90EA06352177F6.rev | 37 +
 .../8DEDA2CDED49C8809287B89D8812797DDF1DD192.rev | 37 +
 .../273B030399E7BEA66A9AD42216DE7CA17BA5D42E.key | Bin 0 -> 2055 bytes
 .../C99796FB85B0C3DF03314A11B5850C51167D6282.key | Bin 0 -> 2055 bytes
 repoman/lib/repoman/tests/.gnupg/pubring.kbx | Bin 0 -> 2774 bytes
 repoman/lib/repoman/tests/.gnupg/trustdb.gpg | Bin 0 -> 1360 bytes
 repoman/lib/repoman/tests/runTests.py | 10 +
 repoman/setup.py | 12 +-
 setup.py | 14 +-
 88 files changed, 6272 insertions(+), 903 deletions(-)
*** Bug 500630 has been marked as a duplicate of this bug. ***